Which of the following BEST demonstrates to an IS auditor that an organization has implemented effective risk management processes? 

Answer options:

A. Critical business assets have additional controls.
B. The risk register is reviewed periodically.
C. A business impact analysis (BIA) has been completed.
D. The inventory of IT assets includes asset classification.

B